Gimmal Blog


Are You Prepared for the SharePoint Compliance Risk from a Data Breach?

The Identity Theft Resource Center (ITRC) released a report on the data breaches of the last year. The numbers are unfortunately staggering and present a major SharePoint compliance risk for businesses in nearly every industry.

Overall, 102+ million people were exposed in a total of 315 data breaches. Below is a quick breakdown of the main categories and their associated number of breaches:

  • Medical/Healthcare – 277 breaches of 112,832,082 records
  • Government/Military – 63 breaches of 34,222,763 records
  • Business – 312 breaches of 16,191,017 records
  • Banking/Credit/Financial – 71 breaches of 5,063,044 records
  • Educational – 58 breaches of 759,600 records

As you can see, industries in which you would expect particular attention to be paid to potential compliance risk, such as medical or government, actually had the most records exposed. This is particularly troubling and is an indication that most industries are woefully unprepared in the event of a data breach.

These data breaches can have enormous legal, financial and reputational consequences, and a proactive governance plan can help to limit SharePoint compliance risk. Below is an excerpt from one of our recent blog posts that lays out some of these strategies:

1. Clearly establish ownership of SharePoint compliance and data privacy
 
2. Assess the process for any information shared outside the organization
 
3. Identify any Personally Identifiable Information (PII) and create appropriate business processes that include IT, legal and the records management team
 
4. Ensure policies are in place to meet federal, state, local and industry regulations
 
5. PII must be limited not only by user but by location
 
6. Clean up ROT data based on an approved retention schedule
 
7. Use encryption techniques whenever possible
 
8. The ability to have audit trails, logging and monitoring is essential to defensible disposition

A complete information governance program is critical to protect against SharePoint compliance risk. 

By Andrew Borgschulte
